Re: ORBIT, GNOME, and security

From: Michael Rumpf <michael rumpfonline de>

To: orbit-list gnome org

Subject: Re: ORBIT, GNOME, and security

Date: Tue, 19 Sep 2000 20:28:46 +0200

Hi,
Elliot Lee wrote:
>
> On Tue, 19 Sep 2000, Dietmar Maurer wrote:
>
> > I have just found the following statement in the FAQ:
> >
> > > The GNOME security discussion led to disabling IIOP (i.e. listening
> > > on TCP/IP ports) per default. If you want to
> > > use ORBit over the network you need to turn it on again
> >
> > What does that mean? Isn't it possible to make a real client/server
> > application using GNOME with ORBit (without security loss)?
> > Please can someone give me a link to more information.
>
> echo 'ORBIIOPIPv4=1' >> /etc/orbitrc

Maybe I should be a little bit more verbose in the FAQ......

Could someone please give me a link to a thread in the mailing-list archives which led to disabling IIOP in ORBit-stable-0-5 per default?

> > And just another question: Is there a way to get object
> > references via url (hostname,tcp_port,object_key)?
>
> Technically speaking, IOR:... is a URL already.
>
> I think CVS head has some code to handle iioploc:// and iiop:// URLs in

The latest INS spec changed the names from iioploc:// and iiop:// to corbaloc:// and corbaname:// because they don't want to have the name of the protocol in the URL. In the future there might be other protocols which require different parameters to go into a URL. Having "iiop" as the protocol identifier would make no sense if a protocol other than IIOP is used.

> CORBA_ORB_string_to_object(), but I think there are no good reasons to use
> these - their advantage of human readability is irrelevant, and they have
> a big disadvantage of not encoding lots of information useful to the ORB.

But it is the official resolution of the bootstrapping problem, with which CORBA has been struggling for quite a while now. If you have a look at the preliminary CORBA 2.4 spec you can see that the INS spec is going to be integrated into CORBA 2.4 (chapter 4.5.3: Configuring Initial Service References). I think the corbaloc/corbaname URLs are intended to be used only for the first reference. If you start your client which connects to a CORBA NameService you don't have to think about any proprietary ways to get its IOR (reading from file, environment variable, retrieving from X window properties).

If you know the name of the server on which the NameService is running it should be enough to start your client with the following command line:

    myclient -ORBInitRef NameService=corbaloc://nshost/NameService

The client application can use just the call to resolve_initial_references("NameService"); to get a valid object reference to the Naming Service and from then on everything works as before....
Michael
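
An added example, not part of the original message or of ORBit itself: a shell check that reports whether an orbitrc file turns on the IIOP-over-TCP listener discussed in this thread. It assumes one KEY=VALUE per line, '#' comments, and that any non-zero value enables the option; the function name audit_orbitrc is hypothetical.

```shell
#!/bin/sh
# Added example, not from the thread. Assumptions: orbitrc holds one
# KEY=VALUE per line, '#' starts a comment, a non-zero value means enabled.

# audit_orbitrc FILE
# Prints every ORBIIOPIPv4 assignment with its line number and returns:
#   0  no assignment enables IIOP over TCP (or the file is absent/unreadable,
#      which leaves the default the FAQ describes: IIOP disabled)
#   1  IIOP over TCP is enabled
#   2  conflicting assignments, e.g. an existing 0 line plus a 1 line
#      appended later with '>>'
audit_orbitrc() {
    [ -r "$1" ] || return 0
    awk '
        { sub(/#.*/, ""); gsub(/[ \t\r]/, "") }   # drop comments and blanks
        /^ORBIIOPIPv4=/ {
            val = substr($0, index($0, "=") + 1)
            if (val + 0 != 0) on++; else off++
            printf "%s:%d: ORBIIOPIPv4=%s\n", FILENAME, NR, val
        }
        END {
            if (on && off) exit 2   # which line wins depends on the parser
            if (on) exit 1
            exit 0
        }' "$1"
}
```

Run it as `audit_orbitrc /etc/orbitrc` on each host; a return code of 1 or 2 means the file deserves a look before the machine is exposed to an untrusted network.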